Xerox Security

The Ghost Vulnerability Affects Linux Systems

A vulnerability in the glibc system library on Linux systems has been reported. This vulnerability, named “Ghost” by some researchers, allows attackers to remotely execute code on unpatched systems. Such code has been shown to bypass all existing exploit protections available on both 32-bit and 64-bit systems and could perform any function available to those systems.

News & Events

SSLv3 POODLE Vulnerability
An official announcement was made on 10/14/2014 regarding a vulnerability in SSLv3 (nicknamed “POODLE”), which is used for encrypted web-based traffic. SSLv3 is an older protocol that has been superseded by TLS v1.x; however, many browsers and web servers still support SSLv3 for backward compatibility.

“Shellshock” Bash-Related Security Vulnerability
Proof-of-concept code has been published on the Internet demonstrating how to exploit a bug in all current versions of Bash, a command line interpreter used on Unix-derived systems. This primarily affects Linux operating systems and Mac OS X based systems, where Bash is most commonly used.

New Attacks Demonstrated Against Several Vendors' Multi-Function Print Devices
An attack against a Canon multifunction printer has recently been demonstrated that replaces the device software with a game. Xerox is aware of this and we are investigating any potential impact to Xerox devices.

Xerox Addresses the OpenSSL “Man In The Middle” Vulnerability

Xerox is investigating the “Man In The Middle” vulnerability in the OpenSSL cryptographic software library on its hardware and software products. This vulnerability doesn't affect Microsoft Windows or Apple Macintosh client or server software, and is easily fixed on Linux or Solaris operating systems.
Xerox investigates LDAP vulnerability
It has been reported that some multifunction devices, from Xerox and other manufacturers, may be used to obtain user credentials from LDAP and Active Directory servers. This is only possible if the device administrator’s password is known or can be easily guessed by the attacker.
Xerox is investigating the impact of the “Heartbleed bug”
This vulnerability affects the OpenSSL cryptographic software library, versions 1.0.1 to 1.0.1f. Although no large-scale attacks have yet been reported, easy-to-use code to exploit the vulnerability and steal data is available.
Xerox Scanning Update
Find latest patches here.
Questions and answers  
Setting device defaults for scan settings  
Xerox Brand Protection
We’ve taken multiple measures to safeguard our customers from falling victim to counterfeit supplies.
Stay protected with our security labels 
BadUSB Exploit
BadUSB, a proof-of-concept virus, has demonstrated a USB firmware vulnerability. We investigated the impact on Xerox device USB ports and put forth recommended actions.